Along with the rapid development of the Internet technology, there has been an increase in the type of attacks from the outside on computers connected via a network. In recent years, in order to resist attacks from the outside via the network, a monitoring program is continuously running with taking action such as obstructing detected access in the case of detecting unpermitted access from the outside to prevent attacks from the outside.
In many cases, the monitoring program uses a resident-type process to monitor file replication into a USB memory, to monitor a print job, or the like. Therefore, in the case where the resident-type process itself is forcibly terminated from the outside, the monitoring function becomes ineffective problematically.
For example, Japanese Patent Application JP10214208 discloses a method in which a dedicated process monitors a monitoring target process and restarts the process in the case of an abnormal end. Japanese Patent Application JP 2004246439 discloses a method in which a plurality of hosts mutually monitor programs to release a resource in a forcibly terminated process. Patent Japanese Patent Application JP2006-092057 discloses a method of causing exception handling to be reliably performed in the case where a process is forcibly terminated. None of these methods, however, are able to prevent a forced termination attack from the outside on a process itself which monitors a process.
Therefore, the forced termination attack from the outside has been avoided by inhibiting a general user from forcibly terminating the resident-type process such as, for example, by causing a monitor process to run as a service process which runs on the system authority in order to prevent the resident-type process itself from being forcibly terminated from the outside.
Even if, however, the monitor process is made to run as a service process which runs on the system authority, the monitor process might be easily forced to be terminated and the memory content might be altered or the like in the case where a user who has obtained the system authority by means of so-called “impersonation” launches a forced termination attack on the process.
Further, for example, as disclosed in Japanese Patent Application JP2000-215065 (U.S. Pat. No. 6,385,721B1), it is also conceivable to protect the monitor process by using a hibernation partition which is hidden from the operating system. This, however, requires the presence of the hibernation partition and lacks versatility enabling the application to all kinds of operating systems.